You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/02/01 11:12:11 UTC

svn commit: r905234 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml

Author: markt
Date: Mon Feb  1 10:12:10 2010
New Revision: 905234

URL: http://svn.apache.org/viewvc?rev=905234&view=rev
Log:
APR/native page has better info so link rather than copy

Modified:
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=905234&r1=905233&r2=905234&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Mon Feb  1 10:12:10 2010
@@ -1213,9 +1213,9 @@
     <p>The NIO connector is not vulnerable as it does not support
        renegotiation.</p>
        
-    <p>The APR/native connector is vulnerable if the OpenSSL version used is
-       vulnerable. Building with OpenSSL 0.9.8l will disable all renegotiation
-       and protect against this vulnerability.</p>
+    <p>The APR/native workarounds are detailed on the
+       <a href="security-native.html">APR/native connector security page</a>.
+       </p>
        
     <p>Users should be aware that the impact of disabling renegotiation will
        vary with both application and client. In some circumstances disabling

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=905234&r1=905233&r2=905234&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Mon Feb  1 10:12:10 2010
@@ -926,9 +926,9 @@
     <p>The NIO connector is not vulnerable as it does not support
        renegotiation.</p>
        
-    <p>The APR/native connector is vulnerable if the OpenSSL version used is
-       vulnerable. Building with OpenSSL 0.9.8l will disable all renegotiation
-       and protect against this vulnerability.</p>
+    <p>The APR/native workarounds are detailed on the
+       <a href="security-native.html">APR/native connector security page</a>.
+       </p>
        
     <p>Users should be aware that the impact of disabling renegotiation will
        vary with both application and client. In some circumstances disabling

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=905234&r1=905233&r2=905234&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Mon Feb  1 10:12:10 2010
@@ -582,9 +582,9 @@
     <p>The NIO connector is not vulnerable as it does not support
        renegotiation.</p>
        
-    <p>The APR/native connector is vulnerable if the OpenSSL version used is
-       vulnerable. Building with OpenSSL 0.9.8l will disable all renegotiation
-       and protect against this vulnerability.</p>
+    <p>The APR/native workarounds are detailed on the
+       <a href="security-native.html">APR/native connector security page</a>.
+       </p>
        
     <p>Users should be aware that the impact of disabling renegotiation will
        vary with both application and client. In some circumstances disabling

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=905234&r1=905233&r2=905234&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Mon Feb  1 10:12:10 2010
@@ -477,9 +477,9 @@
     <p>The NIO connector is not vulnerable as it does not support
        renegotiation.</p>
        
-    <p>The APR/native connector is vulnerable if the OpenSSL version used is
-       vulnerable. Building with OpenSSL 0.9.8l will disable all renegotiation
-       and protect against this vulnerability.</p>
+    <p>The APR/native workarounds are detailed on the
+       <a href="security-native.html">APR/native connector security page</a>.
+       </p>
        
     <p>Users should be aware that the impact of disabling renegotiation will
        vary with both application and client. In some circumstances disabling



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org